Plain-English privacy policy.

When you sign in with Google or an email magic link, we receive your email address. If you sign in with Google, we also receive your display name and avatar URL. We never see your Google password.

When you claim a handle, we store it. When you make picks (Daily Bubble, The Seven, Blind Resume, Bracket, Rankings), we store those picks. We log the time you signed up.

For anonymous users (no account), we generate a random session ID in your browser’s storage so we can credit your picks to you if you later sign up. It contains no personal information.

We do not collect your location, your contacts, your browsing history outside this site, or any data from third-party services beyond the email returned by your sign-in provider.

We do not use cookies for tracking or advertising. The only cookies on this site are session cookies required for authentication.

Your email is used to identify your account and (rarely) to contact you about service issues. We never sell it, share it with advertisers, or display it publicly. Your handle is what appears on leaderboards, comparison rows, and your public profile. Your email never appears on those surfaces.

Your picks drive your own stats (calibration, accuracy, streak) and aggregate into anonymized totals (crowd accuracy, leaderboard rank). Individual picks are not shared with other users beyond what’s necessary for those aggregates.

• Supabasehosts the database and authentication. Your account and picks live there. Supabase’s privacy policy is at supabase.com/privacy.
• Vercelhosts the site and runs our serverless functions. Vercel Analytics counts page views without using cookies or collecting PII. Vercel’s privacy policy is at vercel.com/legal/privacy-policy.
• Googlehandles the OAuth sign-in flow when you choose “Continue with Google.” Google sees only that you authenticated. We receive your email, name, and avatar.
• The Odds API supplies betting spreads for The Seven. We send game and team information to them. No user information is shared.

We keep your data as long as your account is active. If you want your account and picks deleted, email press@krugerdunning.com from the address on your account. We will confirm and complete the deletion within 30 days.

For audit purposes, some aggregated stats (e.g., total daily picks made on a given date) are preserved without identifying information.

You can request a copy of your data, ask us to correct anything inaccurate, or have your data deleted. Send any of those requests to press@krugerdunning.com from the email on your account.

If you are in the EU or UK, you have GDPR rights including the right to object to processing and the right to data portability. Send the request the same way.

Kruger·Dunning is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has signed up, contact us and we will delete the account.

We use industry-standard encryption (TLS in transit, encrypted storage at rest via Supabase) and authenticate every API request on the server. No system is perfectly secure, but we treat your data carefully.

Data is hosted on Supabase’s and Vercel’s United-States infrastructure. By using the service, you consent to your data being processed in the US.

If we change anything material, we will update the “Last updated” date at the top and post a brief note on the homepage. For substantive changes (new third parties, new categories of data), we will email account holders.

Questions, corrections, deletion requests, anything else: press@krugerdunning.com.